Inspiration mostly comes for Julien of Unlock Protocol. Unlock provides a framework for NFT based subscriptions to services (blog, ...). Also I believe that POAP ownership could be used to get access to restricted websites.
The issue is that today, proving you have an NFT is done by signing a message with your wallet and that leaks your address. The service you are using instantly gets access to all your financial history.
Ring signatures are a solution, but they are hard to use, mostly because of the lack of tolling
What it does
PrivAccess is a set of packages that include both re-usable libraries to manipulate Ring signature (designed for Ethers.js compatibility) and examples of components that present a simple use case that can be iterated upon.
- Typescript library
- Signing cli (example)
- Data server (example)
- Frontend (example).
How we built it
- Typescript for the library, with dependency on "ethers" and "elliptics". Note elliptics is already the crypto library used by ethers.
- Typescript + yargs/express/ethers for the server and the cli
- Example contract in solidity (on goerli)
- React + Bootstrap for the frontend
Challenges we ran into
- typescript type detection (overloading in typescript is hard)
- Convertion between BN and ethers.BigNumber is a mess.
- Low level cryptography in general is hard
- Wanted to use POAP, but missing the required API. Using a test NFT contract feels better for initial testing anyway
- To compute ring signature I need pubkey of other accounts in the ring. Building a reverse registry of address → pubkey is an issue (but there are ways to fix that).
- Signing of ring signatures is done using the private key, so this is not (yet) working with other wallets. A metamask SNAP is probably the next thing to build
Accomplishments that we're proud of
- Having a working library providing long-awaited cryptographic primitives to the ecosystem in the first night of the hackathon.
What we learned
- Ring signature math
- Now to manage multiple npm packages in a big monorepo
What's next for PrivAccess
- Integration with Unlock/Poap
- A metamask snap to reach a wide userspace
- SDK for easily building OAuth like servers that verify ring validity and produce a JWT/